INTRUSION EXAM CERTIFICATION EVALUATION
TEST 2026 FULL QUESTIONS AND CORRECT
ANSWERS ALREADY PASSED GRADED A+
◉ Event correlation goal. Answer: What is the goal when performing
event correlation?
◉ Root cause identification. Answer: Root cause identification
◉ Affidavit statement report type. Answer: Which type of report
should this investigator prepare?
◉ Formal written report. Answer: Formal written
◉ Acknowledgments section. Answer: Which optional section in the
report serves as a gesture of thanks for the third-party support?
◉ Name of the server. Answer: What must an investigator document
about this log in the forensic report?
◉ Minimum number of workstations. Answer: What is the minimum
number of workstations a forensics lab needs?
◉ Two workstations. Answer: Two
◉ BIOS parameter block function. Answer: Which function does the
BIOS parameter block (BPB) handle for the hard disk?
◉ Physical layout and volume partitions. Answer: Describes the
physical layout and volume partitions
◉ RAID 3 information storage. Answer: How does RAID 3 store
information?
◉ Byte level across multiple drives. Answer: Information is written
at byte level across multiple drives, but only one is dedicated for
parity.
◉ File system for MacOS. Answer: Which file system is on a system
with MacOS installed?
◉ Hierarchical File System Plus (HFS+). Answer: Hierarchical File
System Plus (HFS+)
◉ SQL database activity details. Answer: Where should an
investigator search for details of activities that have taken place in
an SQL database?
◉ Transaction log data files (LDF). Answer: Transaction log data
files (LDF)
◉ Command line utility for database privileges. Answer: Which
command line utility enables an investigator to analyze privileges
assigned to database files?
◉ mysqldump. Answer: A utility for creating backups of MySQL
databases.
◉ mysqlaccess. Answer: A command-line tool for checking user
access to MySQL databases.
◉ Mail.biedburz.usa. Answer: The name of the server that sent the
threatening email.
◉ Mailhost.big-isp.com. Answer: Another server mentioned in the
email header.
◉ X-Distribution. Answer: A header that allows an investigator to
determine if a message was sent to many recipients.
◉ MacOS. Answer: An operating system that contains PLIST files for
forensic analysis.
◉ Linux. Answer: An operating system that contains the
authentication log at /var/log/auth.log.
◉ /var/log/. Answer: The path a forensic investigator should use to
look for system logs in a Mac.
◉ dmesg. Answer: A tool that a forensic investigator should use to
view information from Linux kernel ring buffers.
◉ EaseUS Data Recovery. Answer: A tool that an investigator should
use to locate Adobe PDF files on a reformatted Windows hard drive.
◉ 0xFFD8. Answer: The hexadecimal value an investigator should
search for to find JPEG images on a device.
◉ Folder. Answer: A type of steganography that allows the user to
physically move a file but keep the associated files in their original
location for recovery.